Researchers at the National University of Singapore and Yonsei University in the Republic of Korea have invented a device that can detect whether malware is accessing a laptop microphone without permission.
The prototype device, codenamed TickTock, described in a paper entitled ‘TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals’, is so named because of how it monitors the electromagnetic (EM) leakage from a laptop microphone’s clock signals.
The five brains behind the development – Soundarya Ramesh, Ghozali Suhariyanto Hadi, Sihun Yang, Mun Choon Chan, and Jun Han – call TickTock one of the first “adequate solutions” to malware attacks that leverage microphones, a definite privacy win.
Microphones and malware
The misuse of microphones in laptops by cyberattackers has, until now, been harder to combat than webcam-based attacks, which can be foiled simply by placing a slider or piece of tape over the lens.
The latest and best Apple laptops will disable the microphone when the lid is closed, Dell has Linux drivers that maintain user privacy, Windows 10 and macOS 12 visibly indicate microphone activation, and Purism’s Librem 5 USA, a privacy-focused smartphone, features three hardware kill switches. However, not all devices benefit from these kinds of protections.
Users who prefer hardware-based solutions, given that malware may compromise software-based security features, may have to hold on for TickTock. The device’s final form, say its developers, may simply be a USB drive, ideal for business laptops or mobile workstations.
Testing TickTock across thirty laptops, the researchers successfully and consistently identified the microphone’s on/off status on twenty-seven of them. According to the paper, the new device “correctly identifies mic recording with high true positive and negative rates”.
However, the paper also acknowledged that TickTock needs more time in development, with the device being unable to detect microphone signals on any of the three Apple MacBooks tested. Apparently, the aluminium casing and short flex cables reduced EM leakage to undetectable levels.
In addition, while TickTock was shown to work well on laptops with in-built recording hardware, it fared less well with smartphones, tablets, smart speakers, and USB webcams. In these scenarios, it managed to detect microphone clock frequencies in just 21 out of 40 devices.
The researchers cite a number of reasons for this, including the use of analog microphones instead of digital ones, devices without power constraints not cutting off clock frequencies when the microphone is not in use, and smaller form factors causing “reduced EM leakage in lower radio frequencies”.
Despite this, the researchers will continue developing TickTock, hoping to “identify access to other sensors including cameras and inertial measurement unit (IMU) sensors” in the future.
Via The Register